Lucene search
K

7 matches found

OSV
OSV
added 2026/05/04 1:12 p.m.7 views

JLSEC-2026-392

A malicious server can serve excessive amounts of Set-Cookie: headers in a HTTP response to curl and curl 7.84.0 stores all of them. A sufficiently large amount of big cookies make subsequent HTTP requests to this, or other servers to which the cookies match, create requests that become larger th...

4.3CVSS6.7AI score0.26915EPSS
Exploits1References18
OSV
OSV
added 2026/05/04 1:12 p.m.6 views

JLSEC-2026-397

When curl is used to retrieve and parse cookies from a HTTPS server, itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings...

3.7CVSS6.8AI score0.01839EPSS
Exploits1References16
Broadcom
Broadcom
added 2023/11/07 12:0 a.m.9 views

Curl is vulnerable to a denial-of-service (DoS) issue

Curl is vulnerable to a denial-of-service DoS issue due to how some HTTPs servers handle cookies that contain 'control-bytes' / 'control codes' byte values below 32. When curl sends cookies that contain these bytes to an HTTPs server, it may return a 400 response which effectively allows a "siste...

3.7CVSS6.9AI score0.01839EPSS
Exploits1Affected Software1
RedHat Linux
RedHat Linux
added 2023/05/09 9:51 a.m.5 views

curl: Incorrect handling of control code characters in cookies

A vulnerability found in curl. This security flaw happens when curl is used to retrieve and parse cookies from an HTTPS server, where it accepts cookies using control codes byte values below 32, and also when cookies that contain such control codes are later sent back to an HTTPS server, possibly...

3.7CVSS6.8AI score0.01839EPSS
Exploits1References4
OpenVAS
OpenVAS
added 2023/01/12 12:0 a.m.11 views

Huawei EulerOS: Security Advisory for curl (EulerOS-SA-2023-1164)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

3.7CVSS6.5AI score0.01839EPSS
Exploits1References2
Microsoft CVE
Microsoft CVE
added 2022/09/30 7:0 a.m.3 views

When curl is used to retrieve and parse cookies from a HTTP(S) server itaccepts cookies using control codes that when later are sent back to a HTTPserver might make the server return 400 responses. Effectively allowing a"sister site" to deny service to all siblings.

...

3.7CVSS6.5AI score0.01839EPSS
Exploits1
curl security advisories
curl security advisories
added 2022/08/31 8:0 a.m.8 views

control code in cookie denial of service

When curl retrieves and parses cookies from an HTTPS server, it accepts cookies using control codes byte values below 32. When cookies that contain such control codes are later sent back to an HTTPS server, it might make the server return a 400 response. Effectively allowing a "sister site" to de...

3.7CVSS6.3AI score0.01839EPSS
Exploits1References1Affected Software2
Rows per page
Query Builder